crypto: add --decrypt=nostash to avoid stashing session keys

[notmuch] / doc / man1 / notmuch-config.rst

diff --git a/doc/man1/notmuch-config.rst b/doc/man1/notmuch-config.rst
index 40c12721d2918773feff77c2ce1094f99f43a9cd..773fd9da2cd735cbc38c5157c0ae158e3ded8012 100644 (file)
--- a/doc/man1/notmuch-config.rst
+++ b/doc/man1/notmuch-config.rst
@@ -15,7 +15,11 @@ DESCRIPTION
 ===========
 
 The **config** command can be used to get or set settings in the notmuch
-configuration file.
+configuration file and corresponding database.
+
+Items marked **[STORED IN DATABASE]** are only in the database.  They
+should not be placed in the configuration file, and should be accessed
+programmatically as described in the SYNOPSIS above.
 
     **get**
         The value of the specified configuration item is printed to
@@ -128,10 +132,51 @@ The available configuration items are described below.
     **crypto.gpg_path**
 
         Name (or full path) of gpg binary to use in verification and
-        decryption of PGP/MIME messages.
-    
+        decryption of PGP/MIME messages.  NOTE: This configuration
+        item is deprecated, and will be ignored if notmuch is built
+        against GMime 3.0 or later.
+
         Default: ``gpg``.
 
+    **index.decrypt**
+
+        **[STORED IN DATABASE]**
+
+        One of ``false``, ``auto``, ``nostash``, or ``true``.
+
+        When indexing an encrypted e-mail message, if this variable is
+        set to ``true``, notmuch will try to decrypt the message and
+        index the cleartext, stashing a copy of any discovered session
+        keys for the message.  If ``auto``, it will try to index the
+        cleartext if a stashed session key is already known for the message
+        (e.g. from a previous copy), but will not try to access your
+        secret keys.  Use ``false`` to avoid decrypting even when a
+        stashed session key is already present.
+
+        ``nostash`` is the same as ``true`` except that it will not
+        stash newly-discovered session keys in the database.
+
+        Be aware that the notmuch index is likely sufficient (and a
+        stashed session key is certainly sufficient) to reconstruct
+        the cleartext of the message itself, so please ensure that the
+        notmuch message index is adequately protected.  DO NOT USE
+        ``index.decrypt=true`` or ``index.decrypt=nostash`` without
+        considering the security of your index.
+
+        Default: ``auto``.
+
+    **built_with.<name>**
+
+        Compile time feature <name>. Current possibilities include
+        "compact" (see **notmuch-compact(1)**)
+        and "field_processor" (see **notmuch-search-terms(7)**).
+
+    **query.<name>**
+
+        **[STORED IN DATABASE]**
+        Expansion for named query called <name>. See
+        **notmuch-search-terms(7)** for more information about named
+        queries.
 
 ENVIRONMENT
 ===========
@@ -146,7 +191,15 @@ of notmuch.
 SEE ALSO
 ========
 
-**notmuch(1)**, **notmuch-count(1)**, **notmuch-dump(1)**,
-**notmuch-hooks(5)**, **notmuch-insert(1)**, **notmuch-new(1)**,
-**notmuch-reply(1)**, **notmuch-restore(1)**, **notmuch-search(1)**,
-**notmuch-search-terms(7)**, **notmuch-show(1)**, **notmuch-tag(1)**
+**notmuch(1)**,
+**notmuch-count(1)**,
+**notmuch-dump(1)**,
+**notmuch-hooks(5)**,
+**notmuch-insert(1)**,
+**notmuch-new(1)**,
+**notmuch-reply(1)**,
+**notmuch-restore(1)**,
+**notmuch-search(1)**,
+**notmuch-search-terms(7)**,
+**notmuch-show(1)**,
+**notmuch-tag(1)**